Clark Howard

Have you eaten at Cheddar's Scratch Kitchen? Take these steps to protect your credit

Cheddar’s Scratch Kitchen has suffered a cyberattack that is believed to have yielded the payment information of a half million customers to criminals late last year and early in January 2018.

RELATED: How to make extra money testing food

A look at the Cheddar’s Scratch Kitchen data breach

First, let's take a step back. In case you're not familiar with it, Cheddar's Scratch Kitchen is an up-and-coming restaurant that serves made-from-scratch cooking served in a casual environment in more than two dozen states.

It’s owned by Darden Restaurants, which is the parent company of Olive Garden, Longhorn Steakhouse, the Capital Grille, Yard House, Eddie V’s and Seasons 52.

According to a new press release, federal authorities notified Darden Restaurants that an old point-of-sale system obtained when the company purchased Cheddar's in March 2017 was compromised in a cyberattack.

The breach — which took place at the peak of the holiday season between November 3, 2017 and January 2, 2018 — involves an estimated 567,000 payment card numbers.

However, the company stresses the investigation is ongoing and that count could change.

Cheddar’s locations that were affected are in the following states:

  • Alabama
  • Arizona
  • Arkansas
  • Delaware
  • Florida
  • Illinois
  • Indiana
  • Iowa
  • Kansas
  • Louisiana
  • Maryland
  • Michigan
  • Missouri
  • Nebraska
  • New Mexico
  • North Carolina
  • Ohio
  • Oklahoma
  • Pennsylvania
  • South Carolina
  • Texas
  • Virginia
  • Wisconsin

Fortunately, there's no evidence the stolen card info has been misused at this time. The legacy system that was breached was subsequently disabled and replaced in April 2017. Therefore, it no longer poses any threat to customers.

Watch your statements carefully

If you’ve eaten at a Cheddar’s Scratch Kitchen restaurant in one of the states listed above, be check your bank statements closely for the next few months.

Be on the lookout for any fake charges the crooks may try to push through now that they have your payment info. Be diligent about disputing them immediately with your bank or credit card company.

Credit cards give you 60 days to dispute any fraudulent charges. But by federal law, debit cards are only required to give you two days to report money that’s missing from your account. If you fail to do that, you could be on the hook for up to $500. And under some circumstances, your liability with a debit card can be unlimited.

That’s why money expert Clark Howard has long recommended that if you want to continue using debit in your life, you should tie it into a separate account that’s solely used for debit transactions. That way, only the limited amount of money in that account is at risk.

Get a credit freeze in place

Cheddar’s is offering free credit monitoring to anyone affected by this data breach. But Clark is no fan of identity theft monitoring and protection. His preferred alternative is a full-blown credit freeze.

Fortunately, credit freezes will soon be free for everyone by an act of Congress.

See our Credit Freeze Guide for step-by-step instructions on doing a freeze.

The great thing about a credit freeze is that it effectively shuts down a criminal’s ability to open new credit in your name, even if they get your personal info in a breach.

More personal finance stories on Clark.com: